checkedint call removal

via Digitalmars-d digitalmars-d at puremagic.com
Mon Jul 28 06:41:13 PDT 2014


On Monday, 28 July 2014 at 13:31:50 UTC, Daniel Murphy wrote:
> The compiler is allowed to not check assertions in release 
> mode.  This is because a program that would fail an assertion 
> is a broken program, and by specifying -release you are telling 
> the compiler to assume all assertions pass.  I don't see any 
> reason the compiler shouldn't be allowed to change code-gen 
> based on asserts.

In that case I will write my own assert() that doesn't have this 
behaviour. Nobody who cares about program verification and 
correctness will touch this.

It means that you have to formally prove every single assert() to 
be correct. This is HARD. Hoare logic is _very_ difficult even 
for simple programs.

assert() is no guarantee for correctness, it is basically a 
break-point check. A sloppy request from the programmer to check 
some constraint that possibly could be overspecified, and that 
could silently pass. Then the optimizer might assume that 
"length<1024" etc and create all kinds of problems.

assert()s are useful debugging tools, but not a codegen feature. A 
good debugger could allow you to turn them on/off or let you 
continue after hitting one. That's useful.
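The distinction the post draws, written out as an added D example (not code from the original post or from the D project): assert() may be dropped by -release, after which the compiler is free to assume the condition held, whereas enforce() from std.exception is an ordinary runtime check that survives every build. The buffer, its size and the two store functions are constructed for the illustration.

```d
// Added example: two ways to guard an index in D.
// assert() is a debug-time check that -release removes; enforce() is a
// plain runtime check that stays in release builds and throws on failure.
import std.exception : enforce;

enum BUF_LEN = 1024;          // constructed size for the illustration
ubyte[BUF_LEN] buf;

// With -release this assert disappears, and in @system code the array
// bounds check is dropped as well, so an out-of-range index goes unchecked
// and the optimizer may treat "index < 1024" as already established.
void storeAssert(size_t index, ubyte value)
{
    assert(index < BUF_LEN, "index out of range");
    buf[index] = value;
}

// enforce() throws an Exception in every build, so the condition is
// verified at run time and is never turned into an optimizer assumption.
void storeEnforce(size_t index, ubyte value)
{
    enforce(index < BUF_LEN, "index out of range");
    buf[index] = value;
}

void main()
{
    import std.stdio : writeln;

    storeEnforce(10, 0xFF);            // in range: stored normally
    try
    {
        storeEnforce(BUF_LEN, 0xFF);   // one past the end: rejected
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);
    }
}
```

Compile once with `dmd` and once with `dmd -release` to see the difference: storeEnforce() rejects the out-of-range index under both, while the assert() in storeAssert() only fires in the non-release build.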

